ShiftLeft CORE Platform Updated
January 06, 2022

ShiftLeft announced that its Intelligent-SCA product added scanning and attackability analysis for JavaScript (JS) and the TypeScript (TS) language to the ShiftLeft CORE platform.

JavaScript is the most widely used programming language and is also a frequent attack target for cybercriminals seeking to exploit vulnerabilities in open source code and the software supply chain.

Development teams using JavaScript frequently add functionality to their code by quickly writing new code or borrowing it from open source libraries like npm or reusing existing libraries and code modules on GitHub. Because JavaScript is a dynamic language and something of a “Swiss Army Knife” working on both the front-end and the server side, developers often move quickly to write quick fixes or hacks that create longer term vulnerabilities. Equally challenging, open source Javascript libraries frequently contain vulnerabilities that create unknown risk for the application. When the introduced risks are serious, it can require months of remediation work to identify and address all the risk ramifications.

By adding JavaScript coverage, ShiftLeft dramatically expanded the ability of Application Security (AppSec) teams to shift security left by providing detailed and accurate guidance to development teams on which vulnerabilities in web applications and JavaScript-driven frameworks can be proven to result in damaging attacks.

With the new product capabilities, ShiftLeft offers the following benefits:

- Software composition analysis solution (SCA) that accurately prioritizes JS/TS open source vulnerabilities by attackability with pre-production scans

- SAST solution that accurately identifies attackable JS/TS vulnerabilities in first-party code with pre-production scans

“By adding JavaScript coverage, ShiftLeft can dramatically expand the percentage of application code covered with attackability insights,” says Alok Shukla, VP Products, ShiftLeft. “As the most popular language playing a critical role in the global web and application infrastructure, JavaScript security will become even more important as the pace and severity of attacks on applications and the open source supply chain - much of which is written in JavaScript — increase over the course of 2022.”

The addition of JS/TS coverage further cements ShiftLeft as a comprehensive and authoritative provider of Application Security testing and attackability analysis. Application security teams and developers using ShiftLeft are able to close more security gaps at a faster pace and spend more time focusing on the issues that matter thanks to the unique ability of ShiftLeft to spotlight attackable vulnerabilities and clearly identify low-risk theoretical vulnerabilities.

Share this

Industry News

January 26, 2022

Puppet announced a new competency-based global channel partner program for the company’s almost-200 worldwide channel partners that operate across 35 countries.

January 26, 2022

Weaveworks announced the acquisition of Magalix.

January 26, 2022

WhiteSource released an Azure DevOps repository integration, allowing Azure DevOps users to detect all open source components and automatically enforce security policies directly from their repository.

January 25, 2022

DataOps.live and Okera, the Universal Data Authorization company, announced a strategic partnership to increase the speed and security of sensitive data workloads running on the Snowflake Data Cloud Platform.

January 25, 2022

ConvergeOne released a Cyber Recovery as a Service (CRaaS) solution that utilizes innovative technologies from Dell Technologies and Amazon Web Services (AWS).

January 25, 2022

ArmorCode secured an additional $8 million in seed financing.

January 24, 2022

Oracle achieved FedRAMP High Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) for an expanded set of Oracle Cloud Infrastructure (OCI) services.

January 24, 2022

Prophecy, the enterprise low-code data engineering platform that brings the speed of DevOps to data engineering, raised a $25 million Series A round.

January 20, 2022

Progress announced the R1 2022 release of Progress Telerik and Progress Kendo UI, powerful .NET and JavaScript UI libraries for app development.

January 20, 2022

CodeSee raised $7 million in additional funding, bringing the company’s raised total to $10 million.

January 20, 2022

Bugsnag now supports Unreal Engine by Epic Games used to develop 3D games, and Electron, a framework to build cross-platform desktop apps in JavaScript running on Windows, macOS, and Linux.

January 19, 2022

Dell Technologies introduced multi-cloud capabilities that offer a consistent experience wherever applications and data reside.

January 19, 2022

Harness announced that it is opening the CD component of its DevOps platform, which is now free and accessible under a source-available license, complementing its CI platform, which is already available under an open source license.

January 19, 2022

The latest offering from Plutora, the Test Environment QuickStart Bundle, takes an agile approach to evolving DevOps practices.

January 18, 2022

Appvance has secured $13 million in Series C funding to accelerate global expansion and product roadmap development.